Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-668

Allow organization admins to have full control over profile visibility settings

XMLWordPrintable

    • 138

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Summary

      At the moment, only the end users will be able to control their profile visibility settings via https://id.atlassian.com

       

      As an Organisation admin, I'm unable to set myself for a managed account. The only editable data are the Name, Email address and *Job title.

      Proposed solution

      Allow org admins to enforce profile visibility settings according to their organization requirement. ie. Email address should only be visible to the organization and this should be enforced. 

        1. Administration.png
          Administration.png
          84 kB
        2. Atlassian_account.png
          Atlassian_account.png
          83 kB
        3. image-2020-01-21-13-28-14-521.png
          image-2020-01-21-13-28-14-521.png
          77 kB
        4. image-2020-01-21-13-33-44-210.png
          image-2020-01-21-13-33-44-210.png
          25 kB

            [ACCESS-668] Allow organization admins to have full control over profile visibility settings

            Mohit Bakshi added a comment -

            +1

            Mohit Bakshi added a comment - +1

            Ju Shin Lee added a comment -

            +1

            Ju Shin Lee added a comment - +1

            Quinton Johnson added a comment -

            In Jan 2024 a threat actor scraped public information from Trello profiles and pieced that information together with a list of email addresses from other sources. This causes concern for future threats and data breaches. 
            https://community.atlassian.com/t5/Trello-articles/Setting-the-record-straight-about-Trello-user-profile-data/ba-p/2587253
             
            If you view your profile using the link below, it appears some fields like Full Name and Job Title are public while other fields are viewed by internal [organization] only. And the public fields can be changed to private/internal only. 
            https://id.atlassian.com/manage-profile/profile-and-visibility
             
            It would be ideal if org admins had a way to default fields like Job Title to organization visibility for all managed users rather than having this data public and only mutable on an individual basis.

            Quinton Johnson added a comment - In Jan 2024 a threat actor scraped public information from Trello profiles and pieced that information together with a list of email addresses from other sources. This causes concern for future threats and data breaches.  https://community.atlassian.com/t5/Trello-articles/Setting-the-record-straight-about-Trello-user-profile-data/ba-p/2587253   If you view your profile using the link below, it appears some fields like Full Name and Job Title are public while other fields are viewed by internal [organization] only. And the public fields can be changed to private/internal only.  https://id.atlassian.com/manage-profile/profile-and-visibility   It would be ideal if org admins had a way to default fields like Job Title to organization visibility for all managed users rather than having this data public and only mutable on an individual basis.

            Holly Makris (Inactive) added a comment -

            We have this on our internal roadmap to start investigation early 2025.

            Holly Makris (Inactive) added a comment - We have this on our internal roadmap to start investigation early 2025.

            Chaitra Doddegowda added a comment -

            https://getsupport.atlassian.com/browse/CES-22298

            Chaitra Doddegowda added a comment - https://getsupport.atlassian.com/browse/CES-22298

            Daniel MERCIER added a comment - - edited

            +1

            We became aware of that aspect thanks to a colleague and we see this as a security issue. The difficulty is that asking everyone to make the necessary changes and validate the changes in our large organisation is almost impossible (1000+ users). It definitely feels like something that should be part of Atlassian Access.

            Daniel MERCIER added a comment - - edited +1 We became aware of that aspect thanks to a colleague and we see this as a security issue. The difficulty is that asking everyone to make the necessary changes and validate the changes in our large organisation is almost impossible (1000+ users). It definitely feels like something that should be part of Atlassian Access.

            Yanir Ben-Nun added a comment -

            Looking forward to this, much needed from security and privacy perspective.

            Yanir Ben-Nun added a comment - Looking forward to this, much needed from security and privacy perspective.

              e902c0832f88 Sudesh Peram
              lellis2@atlassian.com Belto
              Votes:
              90 Vote for this issue
              Watchers:
              96 Start watching this issue

                Created:
                Updated: